Update serverity for polaris check (FairwindsOps#690)

* update serverity for polaris check * update test checks * update changelog and fix test failure * update tests/checks * update replicas for webhook * update config-full.yaml * update tags Co-authored-by: Robert Brennan <[email protected]>
michaelniemand · Jan 20, 2022 · e91b9b8 · e91b9b8
1 parent d695a20
commit e91b9b8
Show file tree

Hide file tree

Showing 15 changed files with 74 additions and 70 deletions.
diff --git a/README.md b/README.md
@@ -3,7 +3,7 @@
  <br>
  <h3>Best Practices for Kubernetes Workload Configuration</h3>
  <a href="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/FairwindsOps/polaris">
- <img src="https://img.shields.io/static/v1.svg?label=Version&message=4.2.0&color=239922">
+ <img src="https://img.shields.io/static/v1.svg?label=Version&message=5.0.0&color=239922">
  </a>
  <a href="https://goreportcard.com/report/github.com/FairwindsOps/polaris">
  <img src="https://goreportcard.com/badge/github.com/FairwindsOps/polaris">

diff --git a/checks/multipleReplicasForDeployment.yaml → checks/deploymentMissingReplicas.yaml b/checks/multipleReplicasForDeployment.yaml → checks/deploymentMissingReplicas.yaml
diff --git a/deploy/dashboard.yaml b/deploy/dashboard.yaml
@@ -102,7 +102,7 @@ metadata:
  app: polaris
  component: dashboard
 spec:
- replicas: 1
+ replicas: 2
  selector:
  matchLabels:
  app: polaris
@@ -119,7 +119,7 @@ spec:
  - dashboard
  - --port
  - "8080"
- image: 'quay.io/fairwinds/polaris:4.2'
+ image: 'quay.io/fairwinds/polaris:5.0'
  imagePullPolicy: 'Always'
  name: dashboard
  ports:

diff --git a/deploy/webhook.yaml b/deploy/webhook.yaml
@@ -101,7 +101,7 @@ metadata:
  app: polaris
  component: webhook
 spec:
- replicas: 1
+ replicas: 2
  selector:
  matchLabels:
  app: polaris
@@ -117,7 +117,7 @@ spec:
  command:
  - polaris
  - webhook
- image: 'quay.io/fairwinds/polaris:4.2'
+ image: 'quay.io/fairwinds/polaris:5.0'
  imagePullPolicy: 'Always'
  ports:
  - containerPort: 9876

diff --git a/docs/changelog.md b/docs/changelog.md
@@ -5,6 +5,10 @@ meta:
  content: "Fairwinds Polaris | Changelog"
 
 ---
+## 5.0.0
+* Renamed `multipleReplicasForDeployment` to `deploymentMissingReplicas`
+* Changed `RunAsRootAllowed` and `hostNetworkSet` default severity to `danger`
+* Changed `deploymentMissingReplicas` default severity to `warning`
 
 ## 4.2.0
 * New flags `--disallow-(config|annotation)-exemptions`

diff --git a/docs/checks/reliability.md b/docs/checks/reliability.md
@@ -15,7 +15,7 @@ key | default | description
 `tagNotSpecified` | `danger` | Fails when an image tag is either not specified or `latest`.
 `pullPolicyNotAlways` | `warning` | Fails when an image pull policy is not `always`.
 `priorityClassNotSet` | `ignore` | Fails when a priorityClassName is not set for a pod.
-`multipleReplicasForDeployment` | `ignore` | Fails when there is only one replica for a deployment.
+`deploymentMissingReplicas` | `warning` | Fails when there is only one replica for a deployment.
 `missingPodDisruptionBudget` | `ignore` 
 
 ## Background

diff --git a/docs/infrastructure-as-code.md b/docs/infrastructure-as-code.md
@@ -90,7 +90,7 @@ The version number of the release tag.
 ```yaml
 uses: fairwindsops/polaris/.github/actions/setup-polaris@master
 with:
- version: 4.2.0
+ version: 5.0.0
 ```
 
 Example inside a job:
@@ -101,7 +101,7 @@ steps:
  - name: Setup polaris
  uses: fairwindsops/polaris/.github/actions/setup-polaris@master
  with:
- version: 4.2.0
+ version: 5.0.0
 
  - name: Use command
  run: polaris version

diff --git a/examples/config-full.yaml b/examples/config-full.yaml
@@ -1,6 +1,6 @@
 checks:
  # reliability
- multipleReplicasForDeployment: warning
+ deploymentMissingReplicas: warning
  priorityClassNotSet: warning
  tagNotSpecified: danger
  pullPolicyNotAlways: warning
@@ -16,11 +16,11 @@ checks:
  hostPIDSet: danger
  notReadOnlyRootFilesystem: warning
  privilegeEscalationAllowed: danger
- runAsRootAllowed: warning
+ runAsRootAllowed: danger
  runAsPrivileged: danger
  dangerousCapabilities: danger
  insecureCapabilities: warning
- hostNetworkSet: warning
+ hostNetworkSet: danger
  hostPortSet: warning
  # custom
  resourceLimits: warning

diff --git a/examples/config.yaml b/examples/config.yaml
@@ -1,6 +1,6 @@
 checks:
  # reliability
- multipleReplicasForDeployment: ignore
+ deploymentMissingReplicas: warning
  priorityClassNotSet: ignore
  tagNotSpecified: danger
  pullPolicyNotAlways: warning
@@ -20,11 +20,11 @@ checks:
  hostPIDSet: danger
  notReadOnlyRootFilesystem: warning
  privilegeEscalationAllowed: danger
- runAsRootAllowed: warning
+ runAsRootAllowed: danger
  runAsPrivileged: danger
  dangerousCapabilities: danger
  insecureCapabilities: warning
- hostNetworkSet: warning
+ hostNetworkSet: danger
  hostPortSet: warning
  tlsSettingsMissing: warning
 

diff --git a/main.go b/main.go
@@ -20,7 +20,7 @@ import (
 
 const (
  // Version represents the current release version of Polaris
- Version = "4.2.0"
+ Version = "5.0.0"
 )
 
 func main() {

diff --git a/pkg/config/checks.go b/pkg/config/checks.go
@@ -13,7 +13,7 @@ var (
  // tests as we migrate toward JSON schema
  checkOrder = []string{
  // Controller Checks
- "multipleReplicasForDeployment",
+ "deploymentMissingReplicas",
  // Pod checks
  "hostIPCSet",
  "hostPIDSet",